[NTLUG:Discuss] IP Forwarding

George E. Lass George.Lass at osc.com
Thu Feb 17 10:46:22 CST 2000


"George E. Lass" wrote:
> 
> I'm trying to use my RedHat 6.1 box as a router, but am having
> little success.  Here is what my "network" looks like:
> 
> BOX-1<------->BOX-2<---->CISCO ROUTER<--------->BOX-3
> 
> BOX-1 is 10.2.200.26
> BOX-2 is 10.2.200.1 on eth1 (connecting to BOX-1)
> BOX-2 is also 10.2.1.36 on eth0 (connecting to CISCO ROUTER)
> BOX-3 is 10.2.1.21 on eth0
> 
> BOX-3 can telnet to 10.2.1.36
> BOX-3 can also telnet to 10.2.200.1
> 
> BOX-2 can telnet to 10.2.1.21
> BOX-2 can also telnet to 10.2.200.26
> 
> BOX-1 can telnet to 10.2.200.1
> BOX-1 can also telnet to 10.2.1.36
> 
> BUT
> 
> BOX-3 can NOT telnet to 10.2.200.1
> BOX-1 can NOT telnet to 10.2.1.21
> 
> I've read the HOWTO on ipchains, and fooled with them
> for several hours, but to no avail.  I even tried to
> set up a rule to log telnet attempts from BOX-3 to BOX-1
> but I don't ever see any log entries.  I tested
> the rule for telnet from BOX-3 to 10.2.200.1 and it
> works just fine:
> 
> ipchains -A input -p tcp -s 10.2.1.21 -d 10.2.200.1 telnet -j ACCEPT -l
> 
> Here is the one that never logs a packet:
> 
> ipchains -A input -p tcp -s 10.2.1.21 -d 10.2.200.26 telnet -j ACCEPT -l
> 
> Any ideas?
> 
> TIA,
> 
> George
> 
A short update.  Using only the following ipchains command, I am now
able to telnet from BOX-1 to BOX-3, but I *still* can't get from BOX-3
to BOX-1:

ipchains -A forward -j MASQ -b -s 10.2.200.0/24 -d 0.0.0.0/0

George



